Developments in technology have significantly changed the way in which cartel participants communicate with each other. Almost all such communication now take place in the digital sphere and the records of such communication are stored in electronic devices such as computers, cell phones and tablets. Competition authorities need to collect evidence of communication between competitors and thus gathering digital information has become a fundamental part of their fight against cartels.

Being able to collect digital evidence brings along significant advantages for regulators. First, due to IT forensic technologies, it is possible for competition authorities to retrieve deleted data. Therefore, it is much more difficult for cartel participants to hide or destroy evidence. Second, metadata contains additional information about document such as the date of creation, identities of the sending and receiving parties, date of deletion and date of any alteration. Thus digital documents and related information are more extensive and informative than the physical documents that may have been retained. Third, it is much easier to examine bulk data in a digital environment due to the presence of certain new tools that facilitate the identification of relevant documents.

An important drawback of collecting digital evidence is that digital information is generally stored in bulk and it may not be possible, or at least reasonably so, to separate out documents containing private and privileged information and/or redact such information, before these documents are actually analysed. Hence, when competition authorities examine electronic devices, they inevitably gain access to all kinds of documents, including ones containing private and privileged information.

This raises questions concerning the right to privacy protected under Article 8 of the European Convention on Human Rights (ECHR) and the national laws of many countries. The European Court of Human Rights (ECtHR) held under Colas Est[1] that legal entities also have a right to privacy. Therefore, it is vital to determine how the need of competition authorities to gather digital evidence is to be reconciled with the right to privacy of legal entities and their employees.

According to Article 8 of the ECHR, principles of legality and proportionality must be respected when the right to privacy may be impacted. This means that competition authorities must be expressly authorized to examine electronic devices that may contain private and privileged information and they are required to exercise their regulatory discretion with due care. It should be noted that different procedures might be required for examining personal electronic devices of employees, given the privacy related concerns would be twofold and thus much more serious.

Another critical issue concerning digital evidence is authenticity. Since, for example, it is very easy to forge or manipulate digital evidence, it is of vital significance to ensure that the evidence is authentic.

In order to remove concerns regarding privacy rights and the authenticity of digital evidence, detailed and transparent procedural rules need to be developed. These rules need to clarify when the evidence can be collected lawfully, how it should be stored after collection, how the chain of evidence and custody should be established, how the integrity of the data should be validated and how the reports of the actions concerning the collection of the evidence should be kept.

With respect to the lawful collection of data, competition authorities must be expressly authorized by law to search digital evidences and there must also be additional safeguards established to ensure this authority is not used to disproportionately restrict the right to privacy.

As to the chain of evidence and custody, precautions that enable the authority to prove the authenticity of the digital documents should be taken. Authorities may verify authenticity by using hash values[2] and by using write blockers[3] while making images[4] (assuming they are legally authorized to take such images). In case the authority only takes physical copies of digital documents, it may be sufficient to get a written statement from an authorized representative of the company vouching for the authenticity of these physical copies. However, using IT forensic tools might be required where the data to be examined is too extensive and it is not possible to take physical copies of all the relevant documents. Moreover, after the evidence is collected, a record showing physical possession of the evidence on a continuous basis should be kept. The best practices published by the international organizations such as ICN[5]

would be helpful for establishing national procedural rules.

Currently, technology allows competition authorities to use different IT forensic tools (software and hardware) to take the images of data on servers, examine all sorts of digital devices (including mobile phones and tablets) and retrieve all kinds of data (even deleted data).

There are different programs for examining computers. Nuix is one of the most popular tools used by the competition authorities in various countries. Nuix allows the authorities to extract a vast array of data. Moreover, these types of programs allow "concept" searching, which is much more developed when compared to basic keyword searches. Concept searching detects synonyms and misspellings, identifies variations of certain keywords, identifies groups which consists of people that regularly communicate with each other and track communications on different applications (e.g. instant messaging applications) and automatically crosschecks the content of communications within the groups with keywords and the variations of these keywords. These tools make it much easier for the authorities to find relevant evidence. Moreover, they are also designed in a way to preserve the chain of evidence and protect the authenticity of documents. Similar tools (e.g. Cellebrite) are also used for examining mobile devices.

Although it is technologically possible to search all kinds of devices during "dawn raids", the legal framework within which these searches are executed is also very important due to the reasons explained above. Currently, it is hotly debated whether the personal items of employees may be examined during such raids and whether the images of all data on a server of a company may be acquired and taken to the premises of the competition authorities for examination. The most critical issue in this respect is to strike a balance between the authorities' need to collect evidence and the subjects' right to privacy. The ECtHR held under Robathin[6] that obtaining the image of the entire computer of a lawyer is not proportional given that it would contain privileged information completely unrelated to the investigation and that there were no safeguards in the domestic law to protect such privileged information.

The EU Commission uses the "sealed envelope" approach in its investigations, whereby representatives of the investigated parties are invited to the premises of the Commission while the electronic images are examined, with these parties having the right to identify any data they believe is private and/or privileged. Such a safeguard may be used to remedy the concerns raised by the ECtHR. With respect to personal devices, staff of the EU Commission examine the electronic devices that belong to employees only if the investigated parties have adopted a "bring your own device" policy, under which employees are required to use their own personal devices for professional purposes. Moreover, employees are always given the right to identify private and privileged data during an investigation.

To recap, the legal framework within which regulatory investigations are executed should keep pace with technological developments and should be designed in a way that satisfactorily reconciles the conflicting interests of the investigators and the investigated, namely the need to collect evidence on the one hand and the right to privacy on the other. The best practices of international organizations and the EU provide important models and roadmaps for all countries, including Turkey. In an article to follow this one, we will examine the current situation in this regard in Turkey.

[1] Application no: 37971/97, Societe Colas Est And Others v. France, 16.4.2002.

[2] A hash value is a mathematical algorithm produced against digital information (a file, a physical disk, a logical disk) thereby creating a digital fingerprint for that information. It is by purpose a one-way algorithm and thus it is not possible to change digital evidence, without changing the corresponding hash values. In other words, if the hash value of a fi le has (not) changed, the fi le itself has (not) changed.

[3] Write blockers are used to allow acquisition of digital information on a hard drive without changing and altering the contents.

[4] A forensic image (sometimes called a forensic copy) is an exact bit-by-bit copy of a data carrier including slack, unallocated space and unused space. There are forensic tools available for making these images. Most tools produce information, like a hash value, to ensure the integrity of the image.

[5] International Competition Network, "Anti-Cartel Enforcement Manual Cartel Working Group-Subgroup 2: Enforcement Techniques – Chapter 3: Digital Evidence Gathering", 2010.

[6] Application no: 30457/06, Robathin v. Austria, 03.07.2012.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.